PHP Classes

File: tests/BasicTest.php

Recommend this page to a friend!
  Classes of Scott Arciszewski   PHP HPKP Builder   tests/BasicTest.php   Download  
File: tests/BasicTest.php
Role: Class source
Content type: text/plain
Description: Class source
Class: PHP HPKP Builder
Generate Public Key Pinning headers
Author: By
Last change:
Date: 4 years ago
Size: 4,122 bytes
 

Contents

Class file image Download
<?php
declare(strict_types=1);

use ParagonIE\HPKPBuilder\HPKPBuilder;
use PHPUnit\Framework\TestCase;

class BasicTest extends TestCase
{
    protected function getHPKPObject($reportURI)
    {
        $hashes = [
            '1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=',
            '1VilPkeVqirlPifk5scbzcTTbMT2clp-Zkyv9VFFasE',
            'd558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1',
            "\xd5\x58\xa5\x3e\x47\x95\xaa\x2a\xe5\x3e\x27\xe4\xe6\xc7\x1b\xcd".
            "\xc4\xd3\x6c\xc4\xf6\x72\x5a\x7e\x66\x4c\xaf\xf5\x51\x45\x6a\xc1"
        ];

        $hpkp = new HPKPBuilder();
        foreach ($hashes as $h) {
            $hpkp->addHash($h);
        }
        $hpkp->reportOnly(true)
            ->reportUri($reportURI)
            ->includeSubdomains(true);
        return $hpkp;
    }

    /**
     * @covers HPKPBuilder::addHash
     * @covers HPKPBuilder::coerceBase64
     * @covers HPKPBuilder::includeSubdomains
     * @covers HPKPBuilder::reportOnly
     * @covers HPKPBuilder::reportUri
     */
    public function testHeaderOutput()
    {
        $reportURI = 'https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/hpkp/reportOnly';
        $hpkp = $this->getHPKPObject($reportURI);

        $this->assertSame(
            "Public-Key-Pins-Report-Only: " .
                "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
                "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
                "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
                "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
                "max-age=5184000; includeSubDomains; " .
                "report-uri=\"" . $reportURI . "\""
            ,
            $hpkp->getHeader()
        );

        $hpkp->reportOnly(false);
        $this->assertSame(
            "Public-Key-Pins: " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "max-age=5184000; includeSubDomains; " .
            "report-uri=\"" . $reportURI . "\""
            ,
            $hpkp->getHeader()
        );

        $hpkp->reportOnly(true)
            ->reportUri('');
        $this->assertSame(
            "Public-Key-Pins: " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "max-age=5184000; includeSubDomains"
            ,
            $hpkp->getHeader()
        );

        $hpkp->includeSubdomains(false);

        $this->assertSame(
            "Public-Key-Pins: " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "pin-sha256=\"1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=\"; " .
            "max-age=5184000"
            ,
            $hpkp->getHeader()
        );
    }

    /**
     * @covers HPKPBuilder::fromFile
     * @covers HPKPBuilder::getJSON
     */
    public function testLoadSave()
    {
        $reportURI = 'https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/hpkp/reportOnly';
        $hpkp = $this->getHPKPObject($reportURI);
        $saved = $hpkp->getJSON();
        if (@\file_put_contents(__DIR__. '/testing.json', $saved) === false) {
            $this->markTestSkipped('Could not save JSON file');
        }
        $hpkp2 = HPKPBuilder::fromFile(__DIR__. '/testing.json');

        $this->assertSame(
            $hpkp->getHeader(),
            $hpkp2->getHeader()
        );
        \unlink(__DIR__ . '/testing.json');
    }
}